Vulnerabilities and security researches forsmtp-mailing-queue smtp-mailing-queue

Jun 07, 2024

CVE, Research URL: CVE-2023-1090
Home page URL: Security reports for SMTP Mailing Queue
Application: SMTP Mailing Queue
Date: May 02, 2023
Research Description: The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 2.0.1.
Status: vulnerable

CVE, Research URL: 50102fa9853d89dbd009f668642c536bd89820d6
Home page URL: Security reports for SMTP Mailing Queue
Application: SMTP Mailing Queue
Date: Apr 03, 2023
Research Description: SMTP Mailing Queue [smtp-mailing-queue] < 2.0.0 SMTP Mailing Queue <= 1.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting The SMTP Mailing Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via mailing settings in versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 2.0.0.
Status: vulnerable